If this is your first visit, be sure to
check out the FAQ by clicking the
link above. You may have to register
before you can post: click the register link above to proceed. To start viewing messages,
select the forum that you want to visit from the selection below.

Originally posted here by catch Yes we can dance around what an exact definition of Linux is... the system Torvalds invented did not have the functionality of which you speak.

It didn't support USB, Firewire, or as far as I can recall, PS2, does that somehow make linux today no longer linux? Of course not. Why are you further detracting from the point by talking about history when the discussion is about NOW?

If you say that root can be removed from the security policy and your average person reading this gose out and gets any of the major flavors of Linux, will they be able to do that? Of course not...

No, you're right, they might have to LEARN. Again you are detracting from your very own point about security being an abstract. What can the operating system be MADE to do, not what can it do out of the box? The important point I have brought up is that Linux can be MADE to use the ACL and permissions systems of Trusted operating systems.

Linux being open source can be completely modified... so what then is the functional definition of Linux? I used the one I'd heard most frequently (the kernel as provided by kernel.org), you disagree with this, and I recognized your points as valid exceptions... I still contented that systems like SE Linux are the exception to Linux and not the rule, and therefore constitute individual systems and not Linux as a whole.

See, now you're defeating your own argument because your original point (which I agree with in spirit, if not in your implementation of) was about how secure an operating system can be MADE, not what its capabilities out of the box are. In that sense, with enough time and investment Linux could adhere to every DoD accepted security standard out there, because the source is freely available. Think of linux as more of the modeller's clay, rather than the pottery that is the end result, and maybe my point of view will come across clearer.
As far as I see it, Linux can be made to suit your needs, and a lot of distributors have gone out of their way to do so. If you are looking for "trusted"-style ACLs/permissions schemas, look to SELinux. You cannot define Linux as explicitly as you like since it is easily and readily changed, thus I would put forth that the security models of its various distributions might have to be tested individually and disparate from the "official" kernel from kernel.org.

No, it isn't productive, nor is it the path I wanted this to take. It was supposed to be an abtract about quantifying operating system security... not comparing and complaining about specific definitions of operating systems.

Then why argue non-abstract ideas in an abstract context? Presenting some to reinforce a point is a good idea, however if you are incorrect the original idea can be lost in the ensuing discussion of where and why you were incorrect in your initial statements.

Chris Shepherd
The Nelson-Shepherd cutoff: The point at which you realise someone is an idiot while trying to help them.
\"Well as far as the spelling, I speak fluently both your native languages. Do you even can try spell mine ?\" -- Failed Insult
Is your whole family retarded, or did they just catch it from you?

With enough investment, you could turn anything into anything else. Does this really contribute to the conversation at hand? It seems to be more in the spirit of arguing and less in the spirit of a conversation about OS security.

The topic of when does Linux cease to be Linux should eb discussed elsewhere and would make a good conversation. This thread is not about the technical intricies of the Linux OS. Linux was used as a sample that members would be familiar with. To this end catch used what he believed to be the most commonly known and accepted definition of Linux. What is more, it is his belief that the changes Linux requires to add such capabilities make the whole subject a very gray area and that these systems, most of which are not considered to be commercial level products must be considered seperately from traditional Linux.

As said above, anything can be made into anything with enough resources. You can add mandatory access controls to Windows 95 if you really wanted to, the fact that it is closed source makes no difference. There are even patches to add mandatory access controls to Windows 2000, should this be part of Windows 2000's working definition? With enough time and effort you could turn "Hello World" into an A1 OS, but is that really useful to keep on the table when discussing OS security?

If the most you have to contribute is nitpicking over the desire for catch to have used far more nebulous definitions, and the inclusing of every obscure research project ever into those definitions, please just stop. It does no one any favors.

This is the start of my AI highly secured OS, and I'm going to Open Source it. Catch, you can have it ready for me in 2 weeks right? I mean I already started it, you just have to finish it up for me Heh, just woke up.

Originally posted here by catch chsh, by that argument anything could be anything.

My argument means no such thing. I said that Linux is versatile and modular and people have already done the work required, and that it EASES the ability to continue to expand on its capabilities. Thank you for detracting from it FURTHER by continuing to ignore the actual points and instead doing exactly what you are accusing me of.

With enough investment, you could turn anything into anything else. Does this really contribute to the conversation at hand? It seems to be more in the spirit of arguing and less in the spirit of a conversation about OS security.

Even assuming I had said something which I didn't (as you seem to believe), the fact remains that security is entirely about taking one thing and, using available tools, turning it into another.

Linux was used as a sample that members would be familiar with. To this end catch used what he believed to be the most commonly known and accepted definition of Linux. What is more, it is his belief that the changes Linux requires to add such capabilities make the whole subject a very gray area and that these systems, most of which are not considered to be commercial level products must be considered seperately from traditional Linux.

You mean changes that are actually present in "shipping official kernels" are somehow not considered linux, even though that is what he earlier stated?

As said above, anything can be made into anything with enough resources. You can add mandatory access controls to Windows 95 if you really wanted to, the fact that it is closed source makes no difference. There are even patches to add mandatory access controls to Windows 2000, should this be part of Windows 2000's working definition? With enough time and effort you could turn "Hello World" into an A1 OS, but is that really useful to keep on the table when discussing OS security?

If it was included in Windows 2000 SP3 or something along those lines it would. Catch's argument (and yours, whomever you may be, and whyever you feel the need to discuss in his stead) is extremely flawed because the work is already done. If it was something that "someone could write" I'm inclined to agree, but again I must reiterate it was catch who broached the topic of "abstract" security -- that it taking a box and making it as secure as possible, default configurations ignored. I don't see what's so hard about saying "I didn't know the SELinux mandatory ACL stuff had been contributed to kernel.org" and just being done with it, which is really what it boils down to in this instance.

If the most you have to contribute is nitpicking over the desire for catch to have used far more nebulous definitions, and the inclusing of every obscure research project ever into those definitions, please just stop. It does no one any favors.

You say nebulous, I say "correct". Scary word, yes, however I don't think it's too much to ask to do a bit of research before posting a tutorial like this and proceeding to litter it with incorrect examples that are apparently based on assumption and lack of research. This isn't really a flame, and I encourage you to re-read the history of this thread and make a genuine effort to come to an understanding of what I'm saying.

It was brought to my attention earlier that catch had been linked several bits of relevant information from another member who refrained from participating in this thread, and catch seems to have summarily dismissed it or felt it better to simply act ignorant. I guess he really wasn't that interested in constructive discussion, and was more just up for a good trolling. Oh well, he hasn't changed a bit I see.

Chris Shepherd
The Nelson-Shepherd cutoff: The point at which you realise someone is an idiot while trying to help them.
\"Well as far as the spelling, I speak fluently both your native languages. Do you even can try spell mine ?\" -- Failed Insult
Is your whole family retarded, or did they just catch it from you?